gh0strat | 435ba1cb6c5218a74f4ea3cc42ca2c33_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

435ba1cb6c5218a74f4ea3cc42ca2c33_JaffaCakes118
Size

216KB
MD5

435ba1cb6c5218a74f4ea3cc42ca2c33
SHA1

b943b911a695733d97429549014e6fcb5624e893
SHA256

3ffe04143ecb2b6ba1b6728811a319b290d4ab159ff58dea84cf5b5263a24945
SHA512

31bf4337a05d59a6e0cd5f1401cb537be56c922e7643d972234647c268c3226c49412298316e9bfeb18d8d21e0380d559d25f631718932f88bacc5b0f8662d71
SSDEEP

6144:8w0avOvt87JNbbUXr+D7TTTBldbnu1Ovmk:lvGv2JqXSD7TTT3chk

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
435ba1cb6c5218a74f4ea3cc42ca2c33_JaffaCakes118

Files

435ba1cb6c5218a74f4ea3cc42ca2c33_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ae28e68656b5fc7a37b4da1053643e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
SetFilePointer
FreeResource
GetLocalTime
CreateFileA
LoadResource
FindResourceA
GetProcAddress
LoadLibraryA
DeleteFileA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA

user32

wsprintfA

msvcrt

memset
??2@YAPAXI@Z
strlen
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit

Sections

.text
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ